The Aadhaar Digital Highway, and the biometric bypass – a compilation

TheUIDAIkeeps insisting that Aadhaar is secure. Biometics can’t be bypassed,enrolmentsoftware can’t be hacked, and so on. So I put together a quick list. This list is under construction. Keep checking for updates.

April 2012: An enrolment agent was found to have issued30,000 Aadhaar cards in a span of six months. 800 of these were enrolled using biometric exceptions for disabled people and when the police were asked to verify, they found that none of the disabled people lived at the addresses provided One Mohammed Ali, employee of IL&FS was arrested in this matter. Later, it was discovered that Mohammed Ali’s employment had been terminated in September of the previous year, andemployees at 20 different centres in the city had been using his credentialsto login and create Aadhaars. This was supposed to not be possible, but a flaw in the registration software allowed it.

June 2012: Also in Hyderabad and also IL&FS. Seven were arrested including IL&FS officials and arationcard shop owner, when it was found that anex-employee borrowed an official laptopto conduct some 60 enrolments, at least 13 of which were fraudulent and for the purposes of ration card fraud. In this case, it appears that the arrested person used his own fingerprints, which is how he was caught, but it is unclear how an ex-operator’s fingerprints were accepted by the system.

TheAadhaar Aasara scamsaw 3 individuals between ages 20 and 30 arrested when it was found that they created fraudulent Aadhaar cards to receive government old age pensions of Rs. 1000 per month to the tune of Rs. 50 lakh.

TheKanpur Aadhaar enrolment Scam: the software was patched to bypass iris authentication and copies of fingerprints of authorized operators were used to login and create or update Aadhaar cards.

The Asia Times report ofcracked ECMP softwarethat worked “out of the box” – it came preconfigured with valid credentials of operators and a patch to bypass geographical restrictions that prevented access from unauthorized locations.

The UIDAI itself has admitted on20th June, 2017, that there are reports of biometrics being hacked, which is why it raised the penalty for bypassing biometrics to one lakh. “Due to various cases of bypassing the operator biometric capture being reported, UIDAI has decided to impose a penalty of Rs 100,000 per enrolment station found to be bypassing the operator biometric.”

Vidyut

Vidyut is a commentator on socio-political issues with a keen understanding of tech and policy. She has been observing and commenting on Aadhaar since 2010 from a perspective of human rights, democracy and technological robustness.

Basic translations are automated if you'd like to volunteer to correct them, please email info@aadhaar.fail

Support Aadhaar FAIL!

Aadhaar FAIL is a volunteer run site. No one gets paid for creating or translating content. However, there are expenses related to servers, occasional software related expenses and it will be good to occasionally be able to pay someone to do time consuming and critical research. If you would like to support, please gift moneyhere.

In October 2017, the RBI announced a high level task force that would study and help set up a transparent and comprehensive public credit registry (PCR). The RBI’s PCR was intended to be “an extensiveRead more…

Chandigarh: In yet another blow to the much touted Aadhaar eco-system, a recent case of a huge “scam” involving Aadhaar seeding of a large number of ration cards with unique identity (UID) numbers of those not entitledRead more…